Fortinet has addressed a critical severity vulnerability affecting FortiOS and FortiProxy. CVE-2023-33308 has been given a critical severity rating with a CVSSv3 score of 9.8. Successful exploitation of the vulnerability will allow a remote attacker to execute arbitrary code on target systems.
The brain of Fortinet Security Fabric is its network operating system, FortiOS. The Security Fabric’s operating system, or software, connects all its parts and ensures tight integration throughout the deployment of the Security Fabric across an enterprise.
FortiProxy is a secure web proxy that protects employees against internet-borne attacks using several detection methods like web filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention, and sophisticated threat protection.
Vulnerability Details
Stack buffer overflow vulnerability arises when a program writes more data to a stack memory than what is actually allocated for that buffer. When the overflow is accidentally triggered, this may lead to the corruption of neighboring data on the stack. Sometimes, this flaw may cause an application to crash or operate incorrectly.
An attacker may exploit the stack-based buffer overflow vulnerability in FortiOS and FortiProxy with the help of specially crafted packets reaching proxy or firewall policies with proxy mode alongside SSL deep packet inspection.
Affected Versions
- FortiProxy version 7.0.0 through 7.0.9
- FortiOS version 7.0.0 through 7.0.10
- FortiProxy version 7.2.0 through 7.2.2
- FortiOS version 7.2.0 through 7.2.3
Mitigation
Customers should upgrade to the following versions to patch the vulnerability:
- FortiProxy version 7.0.10 or above
- FortiOS version 7.0.11 or above
- FortiProxy version 7.2.3 or above
- FortiOS version 7.2.4 or above
- FortiOS version 7.4.0 or above
Please refer to the Fortinet PSIRT Advisory (FG-IR-23-183) for more information.
Workaround
As a workaround, admins can Disable HTTP/2 support on SSL inspection profiles used by proxy or firewall policies with proxy mode.
Following is an example of a custom-deep-inspection profile that disabled HTTP/2 support:
config firewall ssl-ssh-profile
edit “custom-deep-inspection”
set supported-alpn http1-1
next
end
For more information, please refer to the Fortinet Document Library.
Qualys Detection
Qualys customers can scan their devices with QID 44083 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.